What operating system(s) do you use and why?
For servers exposed to the Internet, my personal choice is Linux. However, for the NetFrameworks consulting practice, Microsoft Windows server products are of course a marketplace reality and we work to secure that technology, and implement with it, if a client's business needs dictate such a requirement. We work with all of them (Solaris, mainframe operating systems, etc). On the desktop, I run Linux and also Windows. It's difficult to survive today without using Windows on the desktop since it's everywhere. I admit I'm a big Linux fan, but I understand the marketplace role of Microsoft and, on the desktop, their role in the marketplace leaves me with few choices. I do remember the day when I could go to the store and actually choose from several different word processors and operating systems. I miss those days. I wrote Mission Critical Security Planner using a wonderful product, Adobe Framemaker. I then converted at the end to Microsoft Word, as required by the publisher's post-processing tools. Fortunately Wiley accomodated me through that entire process, they allowed me to do that.
How long did it take you to write "Mission-Critical Security Planner: When Hackers Won't Take No for an Answer" and what was it like?
The book took a little over two years to write. Writing a book is a very exciting and somewhat spiritual process for me-- I feel as though writing is something I'm "supposed" to do in this life. At the same time, it's incredibly exhausting. This particular book required a great amount of up-front conceptual forethought. From the beginning, the goal of Mission Critical Security Planner was to make the life of the reader easier. Myself, and Carol Long (the fantastic Wiley executive editor I worked with), kept the pressure on ourselves throughout the writing/editing process, making sure we never forgot that goal. Whenever I wrote anything, we asked ourselves 1) will this make a security person's life easier and how and 2) is this an actionable/workable/usable approach because if it isn't, go back to the drawing board. We set-out to provide a workable, actionable security planning approach. Since no such approach existed (my reason for writing the book), I needed to find answers to problems that didn't exist. I would spend endless hours going over and over various approaches to modelling secure distributed computing and, very importantly, ways of synthesizing that model into something the reader can immediately use. As we applied the principles of Mission Critical Security Planning in our NetFrameworks security consulting work, we went back and refined the book's content to reflect our experiences. We didn't just write about mission critical security planning, we lived it.
If you could start working on the book all over again, what changes would you make?